The security of all RSA and discrete log bits


Author: Håstad, Johan; Näslund, Mats
Source: ACM Digital Library
Content type: Text
Publisher: Association for Computing Machinery (ACM)
File Format: PDF
Copyright Year: ©2004
Language: English
Subject Domain (in DDC): Computer science, information & general works; Data processing & computer science
Subject Keywords: Cryptography; RSA-encryption; Bit-security; Complexity; Discrete logarithms

Abstract: We study the security of individual bits in an RSA encrypted message $E_N(x)$. We show that given $E_N(x)$, predicting any single bit in $x$ with only a nonnegligible advantage over the trivial guessing strategy is (through a polynomial-time reduction) as hard as breaking RSA. Moreover, we prove that blocks of $O(\log \log N)$ bits of $x$ are computationally indistinguishable from random bits. The results carry over to the Rabin encryption scheme. Considering the discrete exponentiation function $g^x$ modulo $p$, with probability $1 - o(1)$ over random choices of the prime $p$, the analogous results are demonstrated. The results do not rely on group representation, and therefore apply to general cyclic groups as well. Finally, we prove that the bits of $ax + b$ modulo $p$ give hard core predicates for any one-way function $f$. All our results follow from a general result on the chosen multiplier hidden number problem: given an integer $N$, and access to an algorithm $P_x$ that on input a random $a \in Z_N$ returns a guess of the $i$th bit of $ax \bmod N$, recover $x$. We show that for any $i$, if $P_x$ has at least a nonnegligible advantage in predicting the $i$th bit, we either recover $x$ or obtain a nontrivial factor of $N$ in polynomial time. The result also extends to prove the results about simultaneous security of blocks of $O(\log \log N)$ bits.

ISSN: 00045411
e-ISSN: 1557735X
Age Range: 18 to 22 years; above 22 years
Educational Use: Research
Education Level: UG and PG
Learning Resource Type: Article
Publisher Date: 2004-03-01
Publisher Place: New York
Journal: Journal of the ACM (JACM)
Volume Number: 51
Issue Number: 2
Page Count: 44
Starting Page: 187
Ending Page: 230
